Step-by-step guide on how to use Duo Mobile
Duo Mobile on Android
The Duo Mobile application makes it easy to authenticate — just tap “Approve” on the login request sent to your Android device. You can also quickly generate login passcodes, even without an internet connection or cell service.
If you need assistance installing or using Duo Mobile, please contact your organization’s IT Help Desk or Duo administrator.
Researching Duo for your organization? Learn about Duo’s multi-factor authentication (MFA) solutions.
Changes to Duo Mobile
We’ve redesigned Duo Mobile to give you an updated login experience. Learn more about what’s new to Duo Mobile version 4 in this video walkthrough:
3:16
●●●●●●
Install Duo Mobile
Find the latest version of Duo Mobile in Google Play. Be sure to install the app published by Duo Security LLC.
Supported Platforms: The current version of Duo Mobile supports Android 11 and greater.
Duo does not provide official support for non-standard custom Android distributions like OnePlus, LineageOS, or ColorOS, nor is Duo Mobile supported for use on ChromeOS.
To see which version of Duo Mobile is installed on your device, go to the Android Settings menu, tap Apps, then scroll down and tap Duo Mobile. The “App Info” screen shows the version.
Activate Duo Mobile for the First Time
When you enroll in Duo for the first time and choose to add an Android device or use Duo Push, you’re shown a QR code to scan with the Duo Mobile app to complete activation.
Launch Duo Mobile and tap Set up account.
To proceed with adding your initial Duo account to Duo Mobile, tap Use a QR code.
Use your camera to scan the QR code shown by Duo Enrollment in your browser. If you’re prompted to allow Duo Mobile permission to take pictures and record video, please grant it.
Give the new account a name to complete adding it to Duo Mobile.
It’s a good idea to take a few minutes to practice approving and denying Duo authentication requests if you haven’t used Duo before. Tap Practice now to go through some training screens like this one. If you feel comfortable using Duo Mobile to log in to applications you can tap Skip.
You’ll see your newly-added Duo account in the accounts list. Now you’re able to respond to Duo Push authentication requests, or generate passcodes to log in to applications.
Duo Push
If you choose to authenticate with Duo Push, you’ll get a login request sent to your phone — just press Approve to authenticate.
If you get a login request that you weren’t expecting, press Deny to reject the request. You’ll be asked if this was a suspicious login. If you aren’t trying to log into an application or service protected by Duo and don’t recognize the request, tap Yes to notify your organization’s Duo administrator. If you made a mistake or the login isn’t suspicious, tap No to deny the request without reporting it.
If you tapped Yes, this was a suspicious login, Duo will silence all Duo Mobile notifications for the next 20 minutes. You can still approve a Duo Push request by opening the Duo Mobile app and approving the pending authentication. Tap OK to continue to the Duo Mobile app.
Duo Push and Notifications
When the Duo Push notification shows up on your screen, tap where indicated to view the available actions: Approve or Deny.
Tap Approve in the notification to finish logging in to the Duo-protected application.
Tapping on the push request notification itself (instead of tapping the notification actions) takes you to the full Duo Push screen in Duo Mobile.
If your phone is running Android 13 or later, you may need to enable Duo Push notifications.
To enable Duo Push notifications:
- Press and hold on the Duo Mobile app icon and then select App info. On the following Duo Mobile app information screen, tap Notifications. Toggle All Duo Mobile notifications to on.
Fingerprint Verification
Duo Mobile also supports fingerprint verification for Duo Push-based logins as an additional layer of security to verify your user identity. If you’re using a device with a fingerprint reader you’ll need to scan your finger each time you authenticate via Duo Mobile (if required by your administrator).
If you’re not able to scan your fingerprint using the sensor you can also approve the Duo authentication request using the device’s passcode (the same one you use on the Android lock screen).
Verified Duo Push
Your organization may wish for you to enter a verification code shown within the Duo Universal Prompt into Duo Mobile when you approve a Duo Push request. This protects you from approving login requests not made by you and helps keep your accounts and information safe.
You will need Duo Mobile version 4.16.0 or later installed on Android 8 or newer to verify a Duo Push request with a code.
If you use an older version of Duo Mobile then you will receive a Duo Push request without the code entry field. If you try to approve then the login fails and you’ll see a message instructing you to update your software. Use a different allowed authentication method or contact your help desk.
If your organization requires Duo Push verification, Duo Universal Prompt displays a six-digit code on-screen when you choose to use Duo Push to log in to that application.
Enter the code shown on your screen into Duo Mobile and tap Verify to approve the login request.
If you enter an incorrect code, tap OK on your phone, and return to the Duo Universal Prompt where you can click or tap Other options to choose a different way to log in or to try Duo Push again.
If you receive a Duo Push request on your phone and you aren’t trying to log in to that application tap I’m not logging in to deny the request. You’ll be asked if this was a suspicious login. Tap Yes to notify your organization’s Duo administrator or tap No if you made a mistake or the login isn’t suspicious.
As of Duo Mobile version 4.58.0, you can tap Enter Code in the Duo Push notification and type in the verification code.
Passcodes
Tap an account to get a one-time passcode for login. This works anywhere, even in places where you don’t have an internet connection or can’t get cell service.
You’ll see a 30 second countdown indicator underneath the passcode. If you don’t use that passcode before it expires then the account refreshes with a new passcode and the countdown begins again.
If you need to use the passcode shown in Duo Mobile in another mobile app tap Copy and paste it into the other app.
If the account does not show a countdown indicator, then the passcode shown is valid until used. Tap Refresh Passcode to generate a new Duo passcode.
Add More Accounts to Duo Mobile
To add additional accounts to Duo mobile, tap Add in the upper right of your accounts list to go to the account type selector.
If the new account you want to add shows you a QR code to scan with an authenticator app, tap Use QR code from the Add account list. Scan the QR code with your camera to add the account to Duo Mobile.
You can also choose the type of account you want to add from the list, and then choose to add that account by scanning a QR code or by entering an activation code you receive from that application. Learn more about adding third-party accounts to Duo Mobile
Duo Mobile Account Search
If you have three or more accounts on Duo Mobile, you will see an account search bar in the app. To search for an account, tap on the search bar at the top of the app to pull up your phone’s keyboard and begin typing the account name. Any account name matching the search you typed in will appear underneath the search bar. Please note that you need to be running Duo Mobile version 4.42.1 or later.
Security Checkup
Duo Mobile’s Security Checkup verifies device settings against Duo’s recommended security settings, and lets you know if any of your device’s settings don’t match.
This Android device has up-to-date software and all of Duo’s recommended security settings configured:
This Android device is a few Android versions behind the latest:
Tap on any detected issue to learn more about that particular setting and how you can update your device with the recommended configuration.
Tap the menu and go to Security Checkup in Duo Mobile to view your device’s security status at any time.
Third-Party Accounts
Duo Mobile supports passcode generation for logging in to third-party TOTP accounts, like Google and Dropbox. Learn more »
Edit Accounts
To make changes to an account in your accounts list, tap the account to expand it, and then tap the three dots in the upper-right corner of the account card to bring up the account options.
Tap Move to reorder your accounts list (shown when you have more than one account in Duo Mobile). Use the up or down arrows shown to the left of each account’s name (or tap and hold the icon on the right side of the account card) to change an account’s position in the list. Tap Done when you’ve finished reordering your accounts.
Tap Rename to change the name of an account. Enter a new name for the account and then tap Save to apply the new name.
You can customize the color of the accent bar and icon for accounts in Duo Mobile which show “Third-Party” as the account type. To customize the color, tap Customize to bring up the color customization palette. Tap on the color you would like to use and then tap Save customization. Requires Duo Mobile version 4.48.0 and later.
Remove an account by tapping Delete. When you delete an account you can no longer use it to log in, and it’s also removed from your Duo Mobile backup so you can’t restore it later. If you’re sure you want to remove this account, tap Delete on the confirmation message. Tap Cancel if you don’t want to delete the account.
Backup & Restore
If your administrator enabled Duo Mobile’s backup and restore functionality and you previously backed up your Duo-protected accounts from the app to Google Drive you can restore your accounts to Duo Mobile on a new Android device via the guided recovery process. You can also perform third-party account recovery if you previously opted-in to third-party account restore. Start the account recovery process by tapping I have existing accounts on the Duo Mobile welcome screen.
See the full Duo Restore guide for Android.
Duo Mobile Appearance
Adaptive View
The accounts list in Duo Mobile adapts to you. If you rotate your device into a landscape view, your Duo Mobile accounts list rotates as well.
The individual accounts shown in the list change appearance as well, showing the full account information when you just have a few accounts, and switching to a minimized account view when you have many accounts to minimize scrolling in the app.
Dark Theme
Duo Mobile’s dark theme depends on your Android system settings. There is no in-app toggle to enable dark theme. If your device has the system-wide dark setting enabled, Duo Mobile automatically switches to dark theme.
You can enable dark theme on Android in a few different ways:
- Go to Settings → Display → Theme and select Dark Theme.
- Pull down the Android settings from the notification tray and tap Dark Theme.
Update Notifications
If your administrator has set a minimum required version of Duo Mobile, you may see a notification in Duo Mobile after attempting to authenticate with Duo Push or Duo Mobile passcode.
Update Recommended
If your Duo Mobile version is out of date, you’ll see a notification in Duo Mobile recommending that you update the app after authenticating.
Update Required
Your organization may choose to block access from older versions of Duo Mobile. If your version is blocked, you will see a notification in Duo Mobile when you try to authenticate. In that case, you’ll need to update Duo Mobile to a newer version and reauthenticate. If you can’t update Duo Mobile at that time, you can switch to a different available authentication method.
Troubleshooting
See the Common Issues guide for additional troubleshooting tips, or visit the Duo Knowledge Base. If you aren’t able to resolve your Duo Mobile issue, contact your organization’s Duo administrator or Help Desk.
Troubleshooting Duo-Protected Accounts
If you’re having issues authenticating with a Duo-protected account you can use the Troubleshoot tool in Duo Mobile version 4.70 or later to check for issues. Tap the menu and go to Troubleshoot.
The troubleshooting tool checks common issues that may affect Duo-protected authentication. For example, this device can’t connect to Duo’s service, and has some disabled accounts:
Tap the items that show issues for more information and next steps for troubleshooting. On this device with networking issues, tapping the Internet connection check shows steps for turning on WiFi.
Push Troubleshooting
If your phone is running Android 13 or later, you may need to enable Duo Push notifications.
To enable Duo Push notifications:
- Press and hold on the Duo Mobile app icon and then select App info. On the following Duo Mobile app information screen, tap Notifications. Toggle All Duo Mobile notifications to on.
If you are logging in to a Duo-protected application, but you aren’t receiving an expected Duo Push authentication request, try closing Duo Mobile and reopening it. Duo Mobile checks for pending push requests whenever it’s opened. If this doesn’t fix it, see the Duo Knowledge Base for additional Android troubleshooting steps.
Encryption Troubleshooting
Mobile device encryption helps keep the data on your device secure.
Duo considers your device encrypted when you enable password, PIN, or pattern authentication at startup. Without this setting, your device encryption is less secure, and you might not be able to access Duo-protected services or applications.
To enable encryption on your Android Device:
- Navigate to Settings → Security → Screen Lock.
- Enable password, PIN, or pattern to be required upon device startup.
- If you have a Samsung Device, you will additionally need to enable “Secure startup” or “Strong Protection” from your device’s settings and require a PIN at device startup.
- Close and reopen Duo Mobile.
If you still experience issues with the Disk Encryption error displaying in Duo Mobile, even after completing the steps above, try to disable this setting and then re-enable it again. This can happen because some Android device manufacturers will set a default password to encrypt the phone. Although your phone might say it’s encrypted, technically it isn’t fully encrypted until you set your own PIN/password/pattern at startup via your phone’s settings. Encrypting with your own password is the most secure option.
Additional items to note:
- On Samsung devices, “Secure startup” or “Strong Protection” will automatically turn off any time you enable an accessibility permission.
- Some newer devices (such as the Google Pixel) on Android 7.0 and higher support file-based encryption and can be considered encrypted by Duo without a PIN at startup.
credit: Duo